Cyber-Attack May Have Taken Down Ukraine’s Power Grid

Getty ImagesJOHN HAYWARD7 Jan 2016

Security experts across the world are increasingly worried about the possibility of a cyber-attack that would target infrastructure – anything from communications and traffic control to electric power or utility services. Just such an attack is believed to have occurred on December 23 in Ukraine.

Reuters reports that Ukrainian state security blames Russian hackers for the attack, which took down electric power for thousands of customers in the Ivano-Frankivsk region. If the investigation announced by Ukraine’s government validates these claims, it would be one of the first examples of physical damage from a cyber-attack, and the first confirmed case of a hacker-induced power outage.

Ukraine’s SBU state security specifically blamed Russian government operatives for the attack. Other analysts point to a hacker gang called “Sandworm,” which might be linked to Russian intelligence.

Ars Technica reports that researchers from the iSIGHT Partners security firm have recovered samples of malware code from Ukrainian utility computers, which they credit with causing “destructive events” culminating in the power outage.

The malware appears to be a new, upgraded version of a virus called BlackEnergy, which has been around since 2007, but has more recently been updated with the capability to “destroy critical parts of a computer hard drive” and “sabotage industrial control systems,” as well as giving its controllers a permanent back door into infected systems.

Ukraine’s Computer Emergency Response Team claims a version of this virus has attacked Ukrainian media organizations and permanently destroyed some of their data.

Slovakia’s ESET antivirus corporation says BlackEnergy was inserted into the power company systems using “booby-trapped macro functions embedded in Microsoft Office documents,” which Ars Technica notes is a disturbingly simple technique for launching a malware attack that could knock out a major power grid.

Wired notes that if the Ukrainian blackout was indeed caused by malware, it would be only the third confirmed instance of a cyber-attack causing physical damage to an industrial facility. The other two were a hacker strike that caused massive damage to a German steel mill by taking over a blast furnace in 2015, and most famously, the Stuxnet malware attack on Iran’s nuclear weapons program in 2008.

There is good reason to worry about the threat of computer attacks on infrastructure, and to fear that Ukraine’s blackout might be a harbinger of worse things to come. Wired quotes UK chancellor George Osborne describing the chaos that could result if a cyber-attack completely wiped out electric power in a major city for a sustained period of time: “If the lights go out, the banks stop working, the hospitals stop functioning or government itself can no longer operate, the impact on society could be catastrophic.”